Hacker News | jacquesm's comments

Any time after a user switches it off on purpose is too aggressive.

People keep pushing Signal because it is supposedly secure. But it runs on platforms that are so complex with so much ecosystem garbage that there is no way to know even within a low percentage of confidence if you've done everything required to ensure you are communicating just with the person you think you are. There could be listeners at just about every layer and that is still without looking at the meta-data angle which is just as important (who communicated with who and when, and possibly from where).

I've raised concerns about the Signal project whitewashing risks such as keyboard apps or the OS itself, and the usual response is that it's my fault for using an untrustworthy OS and outside Signal's scope.

At some point there needs to be a frank admission that ETE encrypted messaging apps are just the top layer of an opaque stack that could easily be operating against you.

They've made encryption so slick and routine that they've opened a whole new vector of attack through excessive user trust and laziness.

Encrypting a message used to be slow, laborious and cumbersome; which meant that there was a reticence to send messages that didn't need to be sent, and therefore to minimise disclosure. Nowadays everything is sent, under an umbrella of misplaced trust.


There is nothing secure about sending encrypted content to notifications. If it were secure, it would only notify that there is a message, with no details included.

> If it were secure, it would only notify that there is a message, with no details included.

You're right. This is configurable via settings, but is not the default state.

That said: if I can get friends and family to use Signal instead of iMessage, that gives me the opportunity to disable those notifications and experience more security benefits.

But I agree with your point: most people think that Signal is bulletproof out of the box, and it's clearly not.


Once again there is a trade off between security and user convenience.

If security is the main differentiator then the app should start in the most secure mode possible. Then allow users to turn on features while alerting them to the risks. Or at least ask users at startup whether they want "high sec mode" or "convenient mode".

As the app becomes more popular as a general messaging replacement, there will be a push towards greater convenience and broad-based appeal, undermining the original security marketing as observed here.


You missed the management factor. And even if managers don't explicitly ask you to build insecure stuff they will up the pressure to the point that you have no choice or leave the company for someone who will do just that. So the end result is the same. Rarely will individuals push back with some force and then they will eventually be let go because they're 'troublemakers'.

The fact that it's a box with a plug and a state that can be fully known. A conscious entity has a state that cannot be fully known. Far smarter people than me have made this argument and in a much more eloquent way.

Turing aimed too low.


And the chatbots don't even pass the Turing test.

I've never had a normal conversation. It's always prompt => lengthy, cocksure and somewhat autistic response. They are very easily distinguishable.


They are distinguishable because they know too much. Their knowledge base has surpassed humans. We have also instructed them to interact with us in a certain manner. They certainly are able to understand and use human language. Which I think was Turing's point.

Purely rhetorical, but would you be able to distinguish a chatbot from an autistic human?


This article would be a lot more digestible if we didn't have actual scary data rather than just stories. Not a day goes by without some prompt injection oopsie, security gotcha, deepfake or some sandbox escape artist demonstration and tbh I'm impressed but more to the point where I don't doubt this is dangerous tech, I'm sure of it.

This is roughly 1995 again and we're going to find out all over why mixing instructions and data was a spectacularly bad idea. Only now with human language as the input stream, which is far more expressive than HTML or SQL ever were. So now everybody is a hacker. At least in that sense it has leveled the playing field I guess.


Are you suggesting the US invade the Vatican?

> What about

No, that doesn't work here.


That's because they don't stay in their lane as a business owner, but use the proceeds of that business (and a bunch of others) to influence world politics in a way that no single individual should ever be able to.

Ok, so you have a problem with your boss. Fine. Solve it, sue them, whatever. But you don't go and endanger the lives of your co-workers and countless emergency responders. What an idiot.

Also don’t film yourself committing the crime.

Yes, what an idiot. Oh, wait, I already said that ;). Seriously, this guy has mental issues, there is no way this is a proportional response.

It is kind of funny. It also puts the lie to their 'respect for religion'. I can see Trump declaring himself to be pope next.

He already made the image of himself as the pope, when they were selecting the current pope.

What one has to understand is that Trump is their religion to which everyone else must be subservient.


It's interesting that democracy is so incredibly fragile. All it takes is for a minor portion of the voters to be given a bunch of lies that increase their own feelings of superiority and boom, there goes your decades-long work. Frightening too.

It took a long, concerted campaign to build up to this. This is a project that began in the late 80s, with roots even further back than that.

It was more than just "a bunch of lies", but an entire parallel media ecosystem. Fox News is the most visible part of it, but there are also newspapers, local TV channels, radio, and eventually their own social network. They spent the 60s and 70s building up the network of evangelical preachers.

In addition, they've been systematically destroying other sources: the Washington Post, Twitter, NPR. When they cannot destroy it, they devote a constant barrage of pressure on their other media to discredit it.

Plus guest appearances from a shadowy network of Russian trolls. I think it's a relatively small influence, but it has been a persistent goad in that direction.

There was a careful political plan to take over the majority of state governments and the Supreme Court. Each of those led to more ability to control the narrative and the outcome of elections.

This wasn't minor and it wasn't an accident. It wasn't exactly centrally planned, but a lot of very rich people put a lot of money in the same direction, and this is the result.


I think the fragility is more with the people in charge, who have long abided by norms and reasonable interpretations. The current Trump admin uses every lever and argument to abuse the laws, flat out making things up so they can create a court case so they can do the thing until it is overturned.

That's another attack vector to them: the latency of the courts is such that you can essentially stall and get away with something for years. Companies do the same thing.
